Dr Pradeep Mahapatra
‘Personal Data Protection Bill 2019’ introduced in the Lok Sabha on December 11, 2019, was withdrawn by the government on August 3, 2022. After long deliberations, both inside and outside the Parliament for five years its withdrawal proves the sensitive nature of the subject. Ashwini Vaishnaw, Minister for Information Technology said, “the government will bring a set of new legislation for a comprehensive legal framework for the digital economy.” It is believed that there will be public consultation before introducing new legislation in Parliament.
In the event of wide internet penetration and the growth of the user base, the need for the protection of personal data comes to the forefront. An expert panel headed by Justice B.N. Srikrishna prepared the first draft of a bill on the subject and presented to the government in July 2018. Subsequently, the Ministry of Information and Technology started working on it from October the same year.
It was presented in Lok Sabha in December 2019 and after discussions, a Joint Parliamentary Committee was formed with Meenakshi Lekhi, a BJP Member of Parliament as the chairperson. The committee wanted more time to present its report and an extension was granted in September 2020. After Lekhi was inducted as a cabinet minister in central government, P.P. Choudhary, again a BJP Member of Parliament was appointed as the new chairperson. The report of the Joint Parliamentary Committee was tabled in Parliament in December 2021 and stirred debate over various provisions in the Bill. It was finally withdrawn during the first week of August 2022.
The reasons behind the withdrawal of the Bill included that though it contained 99 sections, the Joint Parliamentary Committee had recommended 81 amendments and 12 recommendations. “The Joint Parliamentary Committee’s report on Personal Data Protection Bill had identified many issues that were relevant, but beyond the scope of a modern digital privacy policy,” Minister of State for Electronics Information technology Twitted.
In course of the expansion of online ecosystem in the country, citizens face threat in economic, political and social fields due to the misuse of personal data by miscreants The prevailing situation warrants the protection of personal data, both at the software and hardware level in the online landscape. There is a growing demand in this regard and even the Supreme Court directed the government for enactment of laws to control the situation in its 2017 landmark judgment on the subject. “The right to privacy is protected as an intrinsic part of the right to life and personal liberty;” the apex court claimed.
The Joint Committee of Parliament report in its review on the draft “Personal Data Protection Bill 2019” advised to consider social media messenger portals and applications like Facebook and Twitter as publishers of the posts circulated in their platforms. The remark created controversies. Information Technology Act 2000 considers social media platforms as intermediaries. There is provision in the law that in certain cases the government can order the social media platforms to block accounts or delete posts in a stipulated time period failing which the status of social media platforms will change from ‘intermediary’ to ‘publisher’. Usually, the ‘publisher’ remains responsible for the content ‘published’ in legal terms. While the rationale behind the assumption is being preferred by all, the committee’s advice appeared irrational to many.
The Bill modified by the Joint Committee of Parliament recommended establishing a Data Protection Authority. The proposal was broadly welcomed by many. Since information technology is in an evolutionary stage and new features are added on daily basis, the bureaucrats and police fail to fully understand the online complicacies. It has been learned from experience that the general administration, law, and order officials often wrongly utilise the provisions provided in the laws and prove unable to control online fraud. Such a situation warrants a specialized agency to regulate government control on the matter.
However, the provisions mentioned in the report to completely exclude government functionaries from the ambit of data privacy attracted criticism. The Bill modifies by the committee allowed the administration to collect, store and utilize both personal and non-personal data of the citizens of the country. Such partiality in policy formulation was not acceptable by different sectors. A number of Members of the Joint Committee of Parliament who reviewed the draft Bill comprising 20 members of Lok Sabha ad 10 members of Rajya Sabha including Manish Tiwari, Mohua Maitra, Gourav Gopal, Ritesh Pandy, Vivek Tankha, Jayaram Ramesh, Derik O’Brien and Amar Patnaik wrote disagreement notes.
Taken into consideration all such developments, the withdrawal of ‘The Personal Data Protection Bill 2019’ seemed to be rational. Rajeev Chandra Sekhar, Minister for State for Electronics and Information Technology, explained, “The Bill, modified by the Joint Committee of Parliament become very complex because of the large number of recommendations made by the panel. It veered away from the core issue of data protection and information privacy, like trusted hardware, certification, non-personal data and data localization. All these issues are basically creeping into the legislation because of gaps in the existing IT Act. So there were two options before the government – create a complex, cumbersome law, which will cause a tremendous amount of compliance challenges for startups or say let’s go back and do a clean state, where we do a framework of laws and policies.”
Justice B.N. Srikrishna, who headed the panel of experts that wrote the first draft of the legislation said, “This time they should consider all the criticism by the Internet activists, foreign companies, and the social activists, that the Bill was not giving enough thought to the data privacy right.”
The Ministry sources revealed that after the withdrawal of the ‘Data Protection Bill 2019’, the government is hopeful to “bring a set of new legislation for a comprehensive legal framework” by the 2022 Budget sessions of Parliament. The government’s preparedness to continue the consultations with stakeholders is good news However, data privacy can not be protected only with the enactment of laws, and notification of rules. The consumers should be adequately educated and become literate to conduct dealings in a digital economy. It emphasizes an urgent step toward propagating media literacy. Surprisingly we hear a little about such an effort!
(Edited English version of the original Odia newsletter circulated by the author on August 5, 2022.https://tinyletter.com/pradeepmahapatra/letters/message-261. It is an open-access content, free for translation and reproduction)
Dr. Pradeep Mahapatra is a retired faculty of Journalism, Berhampur University, Odisha.https://about.me/pradeepmahapatra
References:
Govt withdraw data protection bill from LS. The Times of India (Bhubaneswar Edition). August 4, 2022
Lele, Sourabh. Govt withdraws personal Data Protection Bill 2019. Business Standard (Bhubaneswar Edition). August 4, 2022
Chandra Sekhar, Rajeev. ‘We had 2 options: Complex law or start with a clean slate.’ Business Standard (Bhubaneswar Edition). August 05, 2022
Lele, Sourabh. Must factor in criticism, says justice Srikrishna. Business Standard (Bhubaneswar Edition). August 05, 2022
Protecting privacy : New legislation must address all concerns. Business Standard (Bhubaneswar Edition). August 05, 2022